security

Healthcare.gov security 'shockingly bad' say computer experts

Tuesday, January 28, 2014 by: J. D. Heyes
Tags: Healthcare.gov, website security, computer experts

eTrust Pro Certified

Most Viewed Articles
Popular on Facebook
The five biggest lies about Ebola being pushed by government and mass media
White House admits staging fake vaccination operation to gather DNA from the public
Why does the CDC own a patent on Ebola 'invention?'
Ultraviolet light robot kills Ebola in two minutes; why doesn't every hospital have one of these?
EXCLUSIVE: Natural News tests flu vaccine for heavy metals, finds 25,000 times higher mercury level than EPA limit for water
Irrefutable proof we are all being sprayed with poison: 571 tons of toxic lead 'chemtrailed' into America's skies every year
Truvia sweetener a powerful pesticide; scientists shocked as fruit flies die in less than a week from eating GMO-derived erythritol
Russia taking McDonald's to court, threatens countrywide shutdown
Oregon man serving prison sentence for collecting rainwater on his own property
The best way to help your body protect itself against Ebola (or any virus or bacteria)
Senator who attacked Doctor Oz over dietary supplements received over $146,000 in campaign contributions from Big Pharma mega-retailer and Monsanto
Global warming data FAKED by government to fit climate change fictions
Healthy 12-year-old girl dies shortly after receiving HPV vaccine
Ebola outbreak may already be uncontrollable; Monsanto invests in Ebola treatment drug company as pandemic spreads
HOAX confirmed: Michelle Obama 'GMOs for children' campaign a parody of modern agricultural politics
Ben & Jerry's switches to non-GMO, Fair Trade ice cream ingredients
W.H.O. contradicts CDC, admits Ebola can spread via coughing, sneezing and by touching contaminated surfaces
Elliot Rodger, like nearly all young killers, was taking psychiatric drugs (Xanax)
Delicious
(NaturalNews) The federal government had years to design it, build it and test it. They had the full backing of the U.S. Treasury, compliments of the (dwindling) American taxpayer. And still, Washington bureaucrats couldn't make it work.

A government that mobilized 16 million during World War II, built hundreds of warships, tens of thousands of tanks and aircraft, developed the atomic bomb and, later, built the U.S. Interstate System and put men in space - has been unable, in 2014, to design and launch a functional website.

That's the sad story of Uncle Sam and his online Obamacare health insurance exchange, Healthcare.gov. Worse, say experts who have repeatedly examined the site, the security for it is "shockingly bad."

As reported by NBC News:

Cybersecurity researchers slammed HealthCare.gov's security during a House hearing [recently], saying the site is still riddled with problems that could put consumers' sensitive health details at risk.

"The reason we're concluding that this is so shockingly bad is that the issues across the site are so varied," David Kennedy, founder of the information security firm TrustedSec, told NBC News. "You don't even have to hack into the system to see big issues - which means there are [major problems] underneath."

Critics of Kennedy have said his conclusions are politically motivated, because he was brought in by Republicans in the House who are opposed to Obamacare. But he maintains that that isn't the case; his job, regardless of who asks him to do it, is to test the security of government sites.

'Nothing's really changed'

He's one of a group of "white-hat hackers" - hacking experts who try to break into government and corporate websites, not to steal or cause havoc, but to find security flaws so they can be fixed. And, Kennedy has said repeatedly (last fall after Healthcare.gov's abysmal launch and again just recently) that the site just isn't secure.

"Nothing's really changed since our November 19 testimony," Kennedy said during a recent House hearing. "In fact, it's worse."

In November, Kennedy identified 18 serious issues with the site. Now, weeks later, only half of one of those 18 issues has been fixed, he said. Not only that, but since then he has also found additional problems with the site:

A separate House Oversight committee hearing held [last week] included testimony from government officials including Teresa Fryer, the chief information officer of the Centers for Medicare and Medicare Services (CMS), which manages HealthCare.gov.

According to Fryer, HealthCare.gov passed a "security control assessment" on December 18 with "no open high findings." But she and the other officials faced a grilling from the panel about why more tests were not completed earlier, and why warnings about the site's launch were not heeded.


There are still some critical problems

During the Science Committee hearing, Kennedy said he would not disclose specifics about the vulnerabilities, because they are active issues that hackers could ultimately uncover and exploit. However, he did identify issues like the disclosure of user profiles, as well as the ability to access eligibility reports without proper identification.

"Some issues still include critical or high-risk findings to personal information," Kennedy said in his written testimony. In addition, the expert also submitted statements into the record from seven other security researchers who expressed serious concerns.

The CMS has since released a separate statement, in response to Kennedy's testimony, insisting that the agency took any and all security concerns seriously and that it has a "robust system in place" to address any security issues.

"To date, there have been no successful security attacks on Healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site," the CMS said in the statement. The agency also said it continually conducts security testing on the site.

But many lawmakers remained unconvinced. And other experts, like Michael Gregg, CEO of the security consulting firm Superior Solutions, suggested that the government simply rolled out Healthcare.gov too quickly - before adequate product testing could be completed.

"Hacking today is big business," Gregg told the Science Committee.

Sources:

http://www.nbcnews.com

http://www.naturalnews.com

http://cnsnews.com

Join over four million monthly readers. Your privacy is protected. Unsubscribe at any time.
comments powered by Disqus
Take Action: Support NaturalNews.com by linking back to this article from your website

Permalink to this article:

Embed article link: (copy HTML code below):

Reprinting this article:
Non-commercial use OK, cite NaturalNews.com with clickable link.

Follow Natural News on Facebook, Twitter, Google Plus, and Pinterest

Colloidal Silver

Advertise with NaturalNews...

Support NaturalNews Sponsors:

Advertise with NaturalNews...

GET SHOW DETAILS
+ a FREE GIFT

Sign up for the FREE Natural News Email Newsletter

Receive breaking news on GMOs, vaccines, fluoride, radiation protection, natural cures, food safety alerts and interviews with the world's top experts on natural health and more.

Join over 7 million monthly readers of NaturalNews.com, the internet's No. 1 natural health news site. (Source: Alexa.com)

Your email address *

Please enter the code you see above*

No Thanks

Already have it and love it!

Natural News supports and helps fund these organizations:

* Required. Once you click submit, we will send you an email asking you to confirm your free registration. Your privacy is assured and your information is kept confidential. You may unsubscribe at anytime.